7 Answers
7

Windows has had a single-user ethos for a very long time. Even with the invention of NT and a role/privilege system, default installs would plonk users as king of the hill. Their account (and, more importantly, anything running as their account) could do anything to any file without a check.

This is huge because any application, any exploit in an application could run as Administrator.

It's only since Vista where that's trying to be reversed and tightened with things like UAC...

Source access is a double-edged sword. Open source enthusiasts usually tout security but it does also let people right into the system. They don't have to report anything they find, they could just write exploits for the hole.

Thankfully, most people do report any flaws they find. Even better is they sometimes include patches that can be immediately tested and distributed.

The turnaround for patching security holes does seem shorter than closed source software.

There are just fewer of us.

Sounds bleak but there are fewer people using one particular open source application. It's hard to justify writing an exploit, trojan, worm, etc when you could write one for Windows in the same time and catch a lot more people.

But we can't be complacent. There's no reason why a trojan or worm can't work in Linux. A malicious app running as a limited user can still do a whole load of damage. And the real flaw in all of this is the users.

Users are idiots who can be convinced to do almost anything if you dress it up with enough pomp or make it look like they're going to get something worthwhile from the process.

Windows was designed, back in the day, as a single-user system. Linux, on the other hand, was built with a multi-user architecture.

In Linux, all your system files are owned by root. They're locked down and can not be edited by the casual user. Windows gives free range to the system files.

Windows UAC is the current implementation to restrict access to these system files and settings, it's a patch to try resolve a fundamental design flaw. Linux has this security built in from the ground up, making it more reliable and tightly integrated into the user experience.

It is Open Source, which means the code can be looked over by anyone (mostly developers). This is Linus' Law, which states that "given enough eyeballs, all bugs are shallow".

A default Linux install is locked down: only essential services start. Windows used to have many exploitable services running (but they've tightened up on that front a bit).

We can't judge just on OS alone, plenty of security flaws relate to bad user practices, social engineering and just plain ignorance. A chain is only as strong as it's weakest link.

Also, regardless of OS, no system is secure if you have physical access to it ;)

There has been a lot of debate over whether a open environment is intrinsically more secure than a closed environment. The problem being that when we compare the security of Windows with Linux the argument is always trotted out that because Windows has such a market domination, that the attackers target Windows and if Linux had the same level of usage then it would be found just as vulnerable.

The key point to take here is that it is the mono-culture that is really at fault. One of the key advantages of Linux is that there are a plethora of different distributions, while an attack may be exploited across a number of different distributions rarely will it affect all. We can see this from the vulnerability reports that are reported, in that even if a widely used application or library is found to be vulnerable that exposure is usually limited because of configuration options to only a few distributions. The same doesn't seem to apply to the Windows family as the configuration of librarys and applications are the same across variants.

The answer is easy and for sure Ubuntu is much safer than Windows and also Mac OS.

Windows users are often working as root, although it is not recommended by MS since a long time they make/made it possible and lazy users say proudly this is a big advantage

Sudo: for installation or system changes you need to enter a password not just say yes as in Vista or Win7. Users tend to just click yes without reading

Kernel build in firewall in Linux in Windows one has to install some crappy personal firewalls

In former and still widely used Windows versions most ports are open in default for convenience reasons, in Ubuntu they are mostly closed in default

In Ubuntu one is installing signed software using the package management, in Win or Mac one is downloading unsafely from internet.

In Ubuntu mostly required software is already pre-installed, in Windows one has to unsafely download even the basic graphics drivers!

Without additional software the home folder can be encrypted in Ubuntu also Ubuntu has a guest mode if another person is using it

SSH for maintenance in Ubuntu

Open Source: everybody has access to the source code in Ubuntu and can complain if there is a security threat

Windows is just to complex and opens security gaps everywhere, although MS employs a lot of security staff the cannot keep it secure

Windows comes mostly installed with third party bloadware which are a security threat

Windows updates are just crap, every fresh install of Windows is a big security threat until it is patched up to date. Unfortunately this update process takes several day while windows in unprotected!

Since updates are crap in Windows most often users are not updating at all which is even a bigger security threat. In Ubuntu updating takes just a few minutes and one is updating always to the newest

Ubuntu fixes security relevant bugs much quicker than Windows. Mac OS is know to fix it in half year cycles.

In Windows in default users are using unsafe and old MS IE

Conclusion: Windows is completely unsafe since it has unchangeable architectural issues and Microsoft's politic to always let the users bypass all security attempts due to "convenience for the users" reasons. Also it is most widely used OS and so it is well exploited by criminals. It is a easy target for them.

Mac OS is much safer but Apple is keeping all issues in secret and tends to fix issues quite late, much later than even MS. Just because its low market share is is not such an attractive target.

Most safe is a Linux like Ubuntu. But keep in mind if someone really wants to hack your computer it is still possible. Maybe just harder. If someone has physical access to your computer it is still quite easy. So even if using Ubuntu you are still not safe from secret service, competing companies, employers and "friends".

The biggest security threat is still the user. The tendency to download some hacked software from internet, to click links in emails, ...

And furthermore most users even don't see a problem having male-ware on their computer. Nowadays male-ware is not like old time viruses breaking ones system. And as long as users still can use their computers for surfing, chatting and facebook they just don't care if it is used in a bot net.

you can download unsafe stuff from Ubuntu as well. and you don't have to use the internet in mac os x, you could use the safe mac app store...
–
AlvarJul 11 '12 at 11:52

1

I love linux and dislike MS, but still, -1 for not being fair.
–
MaheshAug 11 '12 at 8:22

@Mahesh, it would help if you could explain why Steffens is not being fair.
–
Exeleration-GSep 22 '12 at 12:02

To start with, it was my personal opinion. I may be wrong. Though partly true, the answer is biased. It totally dismisses MS, its products and policies. Not all updates are crap, Windows has a decent firewall, IE is no more bad, and many more. The only point worth praising is "The biggest security threat is still the user." If you would like to discuss the issue further, ping me in AUGR or send a personal mail. As you probably know, its best to keep comments to a minimum.
–
MaheshSep 23 '12 at 17:58

A chain is only as strong as its weakest link or a chain is as secure as its unsafest link. The user is the weakest link, not the OS. Linux-people do know what a computer is, do have a notion of computer-security. Most people don't. Give them any computer, it will be infected in no time, Windows, Mac Os-X, Linux, ...